Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Initial methodologies for model-based security testing and risk-based security testing

: Seehusen, F.; Menz, N.; Viehmann, J.; Erdogan, G.; Stølen, K.
: Diamonds Consortium

Volltext urn:nbn:de:0011-n-2115714 (4.3 MByte PDF)
MD5 Fingerprint: 8ef7cc5004e421103fd934ed3423fba7
Erstellt am: 24.8.2012

Berlin: Fraunhofer FOKUS, 2012, 67 S.
Reportnr.: D3.WP4 T2 T3
Bericht, Elektronische Publikation
Fraunhofer FOKUS ()
security testing; model-based; fuzzing; risk-based

This document constitutes the second deliverable for task 4.2 and task 4.3 of work package 4 on risk- and model-based security testing methodologies. While the other work packages of the DIAMONDS project describe techniques/methods and tools, work package 4 describes processes/guidelines for applying these tool and techniques in practice. This deliverable has four sections. First, in Section 1, we describe a conceptual framework defining the main concepts related to model-based security testing risk-based testing and their relationships. The conceptual framework serves a basis for defining methodologies for risk- and model-based security testing. In Section 2, we present an initial process for test-driven security risk assessment which was used in a DIAMONDS case study. This process has b een evaluated, and the results of the evaluation are presented in Section 3. Finally, Section 4 presents a method to increase the efficiency of the risk analysis process in the setting of model-based risk assessment.